I think the yellow triangle seems to work fine, so long as it's always visible. I'm not sure why applets should even be allowed to open windows though, to be honest. They're suppoesd to be embedded in web pages. In fact I think they shouldn't be allowed, unless they're signed.

(What's to stop me signing my fake login applet, and the user clicks yes to see what the content is they're missing, which can then launch another process quietly in the background which at some random point makes the fake login screen when no-one thinks the applet is even running any more? In fact, given that I can do that... what security do we actually have? None at all really.)

I think the yellow triangle seems to work fine, so long as it's always visible. I'm not sure why applets should even be allowed to open windows though, to be honest. They're suppoesd to be embedded in web pages. In fact I think they shouldn't be allowed, unless they're signed.

We use unsigned applets for our game rooms that open up an applet window when people click on a table. We also have a solution that uses tabs to avoid this - but the windowed solution is better because it lets you chat both in the room and at the table at the same time.

The fact that you can open a window is not the problem. You could create the applet in an html popup and *some* people would still think it was a login screen. People ARE stupid and we can't save all of them...

The fact that you can open a window is not the problem. You could create the applet in an html popup and *some* people would still think it was a login screen. People ARE stupid and we can't save all of them...

That's poor excuse for not trying =) "hey, look at those people drowning.. too bad we can't save all of them, so let's not even try"..

(What's to stop me signing my fake login applet, and the user clicks yes to see what the content is they're missing, which can then launch another process quietly in the background which at some random point makes the fake login screen when no-one thinks the applet is even running any more? In fact, given that I can do that... what security do we actually have? None at all really.)

Cas

If you have convinced the user to accept your signed applet, game over, you own the machine. You can run native code, after all.

Which I think is a problem (mentioned several times) - we don't have a granularity when it comes to security - either almost nothing, or everything.

Great if that happens, then JavaFX can really compete against Flash.Ah good. That should help escaping any unfriendly full screen app.Another suggestion for escaping full screen is having a esc option.

This is what will be done in FX - ESC closes FS window unconditionally.

That's poor excuse for not trying =) "hey, look at those people drowning.. too bad we can't save all of them, so let's not even try"..

What I am saying is that there is a fine line between protecting the users of Java and helping the producers of content.

Since an applet is already sand boxed it cannot do harmfull things. Why do we then need to add all sorts of visual warnings?Whatever you can do with an applet, can be done by either flash or plain html - and if not, then limit applets. Don't add a forest of signs and warnings to scare away users.Make sand boxed applications safe for the users (at least as safe as "the others") and remove *all* warnings.

However, signed applets is another deal, and I understand the need for the large warning signs. That said, you could re-introduce (why did it stop working? - did it?) the policy files to make the user aware what is being requested permission wise.

Make sand boxed applications safe for the users (at least as safe as "the others") and remove *all* warnings.

Agreed.

But pop-up windows without special "THIS IS JAVA"-frames are not safe, as they can trick the user into thinking it's ANY other program.."Wait, my Windows Live Messenger wants me to log in again? Ok then..""Wait, I thought I had already logged in to gmail? Ok then..""Wait, I thought I had already entered the launch codes for the nuclear bombs? Ok then.."

Pop up windows are evil as f**k.

Since a simple link can launch webstart from any site, and webstart can pop up windows without asking the user, those windows need to be CLEARLY labeled as unsafe. Absolutely, definitely, no question about it.Hell, webstart apps don't even have to pop up a window at all, they can just run in the background for as long as the computer is running. Combine this with some scripting and networking, and you've got a free distributed computer trapping people who are stupid enough to click links on the interwebs.

Why not do this: - totally block undecorated Frames => frame.setUndecorated(true) has no effect - suppress the length of the Frame title visually, frame.getTitle() must return the full title - append " - Java Applet Window" in the frame title.

Hi, appreciate more people! Σ ♥ = ¾Learn how to award medals... and work your way up the social rankings!

I think that the explanation text must mention Java aswell as Browser because browser is more know by enduser

"Java Applet Window" => most user wont understand what it is

"Internet Explorer - Java Applet Window" or "Browser Java Window" => people will understand they are on the web

probably the best way is to do using browser rules :- modified title- no undecorated or a translucent message over the whole window that user have to click before activating and focusing the window (like the press esc to close window of flash video)

Why not do this: - totally block undecorated Frames => frame.setUndecorated(true) has no effect - suppress the length of the Frame title visually, frame.getTitle() must return the full title - append " - Java Applet Window" in the frame title.

I have to agree that this would be a much better way to go - frankly I find the current implementation with the floating warning icon is hideous. Not only does it look sloppy and unprofessional it's entirely unexpected behaviour. Good user interface design means using common patterns and metaphors - buttons look like buttons, links and urls follow certain conventions, grabbable areas like scrollbars have textured surfaces, etc. etc.

The floating warning icon has absolutely no existing analog. No app that I can think of floats icons or other images outside of their window. To a user it looks weird, alien and out of place. And things that look weird and alien get dismissed as bugs or worse (the first time I saw it, I thought I'd caught some weird virus). With the ability to change the position of the icon Sun will make things even more inconsistent and worrying for users.

I'd have to agree with the above posts, Java 7 is a great chance to get applets right, better to tackle the fundamental issue head on by sacrificing some backward compatibility rather than going the heroic route of finding some workable workaround. It'd be better in the long term.

Why not do this: - totally block undecorated Frames => frame.setUndecorated(true) has no effect - suppress the length of the Frame title visually, frame.getTitle() must return the full title - append " - Java Applet Window" in the frame title.

Basically air looks like webstart but nicer looking and smoother. As you can see they have no warning icon outside there window Would also be nice if webstart had the installer window they use, able to pick where to install the app.Edit:Why doesn't Java have a nice market place?

Basically air looks like webstart but nicer looking and smoother. As you can see they have no warning icon outside there window

Well, that's because their apps are signed. Signed java apps don't have the icon either.

I went to install the Mini clock, and the experience wasn't all that pleasant or different from a typical webstart app install.

(BTW, the clock widget proceeded to use about 10% of the cpu while running, and took around 80M of resident memory, so hey, may be JavaFX isn't that bad =) Their warm startup time is much better though)

(Edited: well, the Mini Clock re-starts in 4 seconds, which isn't all that great. The nicolodeon app is almost instant though)

This is one of my main frustrations with JavaFX is you have to bite off the core of 3meg just to start up and everything you add on top is just extra weight. Though 3meg is pretty small for an application, to require that to launch an applet seems VERY heavy. Even on broadband it can add valuable seconds to load-time.

This is one of my main frustrations with JavaFX is you have to bite off the core of 3meg just to start up and everything you add on top is just extra weight. Though 3meg is pretty small for an application, to require that to launch an applet seems VERY heavy. Even on broadband it can add valuable seconds to load-time.

Well, the thing here is that javafx runtime is pre-installed with 6uN updates, so in theory for many users they only pay the price of the application.For Macs yes, one would have to pay the price for the runtime download. The unfortunate thing is that because of the bugs in webstart it has to eagerly download some parts of the runtime which may not even be used.

So no comment on why Sun introduced an entirely alien and unfamiliar UI concept when an existing one already was already in common usage?

Because of our evilness, of course, we're out to harm the developers.

I don't think it was thought of "alien or unfamiliar". All we were trying to do is to get rid of the ugly java applet warning window (requested MANY times by the developers).

Apple has done it in a nice way, but because of technical limitations on windows (and other platforms, which give out more control to the user for window themes and such) it couldn't be done the same way, so we decided on an icon (after consulting with UE team, btw).

You can't put it inside the client window because it'll obscure the client content, so the logical choice is to put it outside. I myself think that it is associated well enough with the window it is attached to - you drag it, it is dragged, etc.

Also, where else would you put a warning for a translucent, shaped, or undecorated window?

Why not do this: - totally block undecorated Frames => frame.setUndecorated(true) has no effect - suppress the length of the Frame title visually, frame.getTitle() must return the full title - append " - Java Applet Window" in the frame title.

What's so bad about this solution? It seems so obvious.

Hi, appreciate more people! Σ ♥ = ¾Learn how to award medals... and work your way up the social rankings!

Do not allow such behaviour on untrusted applications. Don't throw exception, just make is a no-op when the attempt is made.

What's so bad about this solution? It seems so obvious.

Yeah, now I agree that this would be better than the current warning sign. Like OrangyTang said, users are familiar with it.

Also, like was said before, applets shouldn't really need to pop up windows except for functional things like popping a file-open dialog which will always have a title bar (and won't be undecorated or translucent).

java-gaming.org is not responsible for the content posted by its members, including references to external websites,
and other references that may or may not have a relation with our primarily
gaming and game production oriented community.
inquiries and complaints can be sent via email to the info‑account of the
company managing the website of java‑gaming.org